reCAPTCHA
BonBon Slick, 2019-09-29 19:02:58

Catching bots with Google reCaptcha v3?

https://developers.google.com/recaptcha/docs/v3

reCAPTCHA v3 returns a score for each request without user friction.

That is, if this is an API, each request must contain a captcha token from the Google service,
which in turn is obtained and validated before each request.
The score is based on interactions with your site and enables you to take an appropriate action for your site.

I.e.:
  1. the user opens the page
  2. send a reCAPTCHA request to get a token for the current session
  3. having received the token, we send a request to our server to validate the token
  4. on the server, accept the token
  5. send the token to the Google service again for validation, together with the application's secret key
  6. wait for the answer
  7. having received the response, we decide whether we allow the request to be made
  8. return a JSON response
  9. on the UI we look at what the server answered
  10. if the validation is successful, we send a request to get the data for the page (this can be many requests)
  11. after the token expires (2 minutes), we repeat everything from scratch and check again how suspiciously the user behaves

It is worth adding here that for each request we want to protect with the captcha (that is, all requests and all pages), all of these actions must be repeated before each request.
For example, the user opens the main page:
grecaptcha.execute('_reCAPTCHA_site_key_', {action: 'homepage'}).then(function(token) {
    // send the token to our server for validation before requesting the page data
});

The user wants to submit the login form that is in a popup on the main page:
grecaptcha.execute('_reCAPTCHA_site_key_', {action: 'homepage_login'}).then(function(token) {
    // validate the token, then submit the login form together with it
});

The user now wants to load more data or go to the second page of content:
grecaptcha.execute('_reCAPTCHA_site_key_', {action: 'homepage_load_more'}).then(function(token) {
    // validate, then load more content, then request a fresh token for the next action
    grecaptcha.execute('_reCAPTCHA_site_key_', {action: 'homepage_page_2'}).then(function(token) {
        ...
    });
});

It says here that
reCAPTCHA v3 will never interrupt your users, so you can run it whenever you like without affecting conversion.

But such validations are serious delays: instead of 0.3 sec, a full 2-3 sec.
reCAPTCHA works best when it has the most context about interactions with your site, which comes from seeing both legitimate and abusive behavior. For this reason, we recommend including reCAPTCHA verification on forms or actions as well as in the background of pages for analytics.

That is, for every action where the user clicks something: as mentioned, navigating to a page, submitting a form, and so on.
The only option is to do all these requests asynchronously: loading content + suspicion validation.
All this just to catch bots on the site.


1 answer(s)
xmoonlight, 2019-09-29
@BonBonSlick

After validating the captcha, set a parameter in the user's session saying that he passed the captcha, and do not use Google reCAPTCHA again in this session.
This will be enough to exclude most bots.
For everyone else, a behavioral filter is needed.
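Added example, not code from the question or the answer: the server side of the flow the question describes (steps 4-7: accept the token, send it to Google's siteverify endpoint, decide from the response) combined with the session flag the answer suggests. It runs under Node.js 18+ (global fetch and URLSearchParams). The per-action score thresholds, the session-flag lifetime, the hostname `example.com` and the siteverify responses in SAMPLES are constructed assumptions so the decision logic can be exercised offline; only the siteverify URL and the response field names (`success`, `score`, `action`, `challenge_ts`, `hostname`, `error-codes`) come from the reCAPTCHA docs.

```javascript
// Added example (not from the original post or answer). Server-side handling of a
// reCAPTCHA v3 token plus a "passed captcha" session flag. Node.js 18+.
// Thresholds, TTLs and the sample responses are constructed assumptions.

const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

// Hypothetical per-action minimum score; 1.0 is very likely a human, 0.0 very likely a bot.
const MIN_SCORE = { homepage: 0.3, homepage_load_more: 0.5, homepage_login: 0.7 };
const DEFAULT_MIN_SCORE = 0.5;
const TOKEN_TTL_MS = 2 * 60 * 1000;          // a v3 token is only valid for two minutes
const CLOCK_SKEW_MS = 30 * 1000;             // tolerate challenge_ts slightly in the future
const SESSION_PASS_TTL_MS = 30 * 60 * 1000;  // assumed lifetime of the session flag

// Step 5: POST the client's token plus the server-side secret to Google.
// This is the only network call; the offline demo below does not use it.
async function fetchSiteverify(secret, token, remoteip) {
  const body = new URLSearchParams({ secret, response: token });
  if (remoteip) body.set('remoteip', remoteip);
  const res = await fetch(SITEVERIFY_URL, { method: 'POST', body });
  return res.json();
}

// Steps 6-7: decide from the siteverify JSON whether this request may proceed.
// expectedAction and expectedHost come from the server's own routing, never from
// the client, so a token minted for 'homepage' cannot be replayed against the login form.
function evaluateSiteverify(resp, expectedAction, expectedHost, now = Date.now()) {
  if (!resp || resp.success !== true) {
    const codes = (resp && resp['error-codes']) || [];
    return { allow: false, reason: 'siteverify failed: ' + codes.join(',') };
  }
  if (resp.action !== expectedAction) {
    return { allow: false, reason: 'action mismatch: ' + resp.action };
  }
  if (expectedHost && resp.hostname !== expectedHost) {
    return { allow: false, reason: 'hostname mismatch: ' + resp.hostname };
  }
  const age = now - Date.parse(resp.challenge_ts);
  if (Number.isNaN(age) || age < -CLOCK_SKEW_MS || age > TOKEN_TTL_MS) {
    return { allow: false, reason: 'token expired or bad challenge_ts' };
  }
  const min = MIN_SCORE[expectedAction] ?? DEFAULT_MIN_SCORE;
  if (typeof resp.score !== 'number' || resp.score < min) {
    return { allow: false, reason: 'score ' + resp.score + ' below ' + min };
  }
  return { allow: true, reason: 'ok', score: resp.score };
}

// The answer's suggestion: remember a pass in the server-side session so later
// requests in that session skip the whole round trip (client sends no token, resp === null).
function sessionHasPassed(session, now = Date.now()) {
  return typeof session.captchaPassedAt === 'number'
    && now - session.captchaPassedAt <= SESSION_PASS_TTL_MS;
}

function gateRequest(session, resp, expectedAction, expectedHost, now = Date.now()) {
  if (sessionHasPassed(session, now)) {
    return { allow: true, reason: 'session already passed captcha' };
  }
  const verdict = evaluateSiteverify(resp, expectedAction, expectedHost, now);
  if (verdict.allow) session.captchaPassedAt = now;
  return verdict;
}

// Constructed siteverify responses; real ones come from fetchSiteverify().
const NOW = Date.parse('2019-09-29T16:03:00Z');
const SAMPLES = {
  human:       { success: true, score: 0.9, action: 'homepage_login', challenge_ts: '2019-09-29T16:02:10Z', hostname: 'example.com' },
  bot:         { success: true, score: 0.1, action: 'homepage_login', challenge_ts: '2019-09-29T16:02:10Z', hostname: 'example.com' },
  replay:      { success: true, score: 0.9, action: 'homepage_login', challenge_ts: '2019-09-29T15:55:00Z', hostname: 'example.com' },
  wrongAction: { success: true, score: 0.9, action: 'homepage',       challenge_ts: '2019-09-29T16:02:10Z', hostname: 'example.com' },
  rejected:    { success: false, 'error-codes': ['timeout-or-duplicate'] },
};

// Run each sample against the login action, then walk one session through
// a pass, a later request without a token, and a request after the flag expired.
function demo() {
  const out = {};
  for (const [name, resp] of Object.entries(SAMPLES)) {
    out[name] = gateRequest({}, resp, 'homepage_login', 'example.com', NOW).allow;
  }
  const session = {};
  out.firstPass = gateRequest(session, SAMPLES.human, 'homepage_login', 'example.com', NOW).allow;
  out.skipped = gateRequest(session, null, 'homepage_load_more', 'example.com', NOW + 60 * 1000).allow;
  out.flagExpired = gateRequest(session, null, 'homepage_load_more', 'example.com', NOW + SESSION_PASS_TTL_MS + 1).allow;
  return out;
}

console.log(demo());
```

In a real handler the token arrives in the request body, the expected action is looked up from the route being served rather than trusted from the client, and the secret key stays on the server. The thresholds here are placeholders: the reCAPTCHA admin console shows the score distribution for a site, and that is where a per-action cutoff should be tuned. Caching the pass in the session, as the answer suggests, removes the 2-3 second round trip from every later request at the cost that a stolen session cookie inherits the pass, which is why the flag is given a lifetime.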
